diff options
| -rw-r--r-- | docs/Chapter4/Security.rst | 51 | ||||
| -rw-r--r-- | docs/data/needs.json | 46 |
2 files changed, 53 insertions, 44 deletions
diff --git a/docs/Chapter4/Security.rst b/docs/Chapter4/Security.rst index 375e429..3899c8b 100644 --- a/docs/Chapter4/Security.rst +++ b/docs/Chapter4/Security.rst @@ -548,11 +548,10 @@ Identity and Access Management Requirements :id: R-85419 :target: VNF :keyword: SHOULD + :updated: casablanca - The VNF **SHOULD** use REST APIs exposed to Client - Applications for the implementation of OAuth 2.0 Authorization - Code Grant and Client Credentials Grant, as the standard interface - for a VNF. + The VNF **SHOULD** support OAuth 2.0 authorization using an external + Authorization Server. .. req:: :id: R-48080 @@ -589,10 +588,11 @@ API Requirements .. req:: :id: R-43884 :target: VNF - :keyword: MUST + :keyword: SHOULD + :updated: casablanca - The VNF **MUST** integrate with external authentication - and authorization services (e.g., IDAM). + The VNF **SHOULD** integrate with the Operator's authentication and + authorization services (e.g., IDAM). .. req:: :id: R-25878 @@ -855,8 +855,12 @@ Security Analytics Requirements :id: R-54520 :target: VNF :keyword: MUST + :updated: casablanca - The VNF **MUST** log successful and unsuccessful login attempts. + The VNF **MUST** log successful and unsuccessful authentication + attempts, e.g., authentication associated with a transaction, + authentication to create a session, authentication to assume elevated + privilege. .. req:: :id: R-55478 @@ -884,16 +888,18 @@ Security Analytics Requirements :id: R-07617 :target: VNF :keyword: MUST + :updated: casablanca - The VNF **MUST** log creating, removing, or changing the - inherent privilege level of users. + The VNF **MUST** log success and unsuccessful creation, removal, or + change to the inherent privilege level of users. .. req:: :id: R-94525 :target: VNF :keyword: MUST + :updated: casablanca - The VNF **MUST** log connections to a network listener of the + The VNF **MUST** log connections to the network listeners of the resource. .. req:: @@ -954,11 +960,10 @@ Security Analytics Requirements :id: R-63330 :target: VNF :keyword: MUST + :updated: casablanca - The VNF **MUST** detect when the security audit log storage - medium is approaching capacity (configurable) and issue an alarm via - SMS or equivalent as to allow time for proper actions to be taken to - pre-empt loss of audit data. + The VNF **MUST** detect when its security audit log storage + medium is approaching capacity (configurable) and issue an alarm. .. req:: :id: R-41252 @@ -972,27 +977,30 @@ Security Analytics Requirements :id: R-41825 :target: VNF :keyword: MUST + :updated: casablanca The VNF **MUST** activate security alarms automatically when - the following event is detected: configurable number of consecutive - unsuccessful login attempts. + a configurable number of consecutive unsuccessful login attempts + is reached. .. req:: :id: R-43332 :target: VNF :keyword: MUST + :updated: casablanca The VNF **MUST** activate security alarms automatically when - the following event is detected: successful modification of critical - system or application files. + it detects the successful modification of a critical system or + application file. .. req:: :id: R-74958 :target: VNF :keyword: MUST + :updated: casablanca The VNF **MUST** activate security alarms automatically when - the following event is detected: unsuccessful attempts to gain permissions + it detects an unsuccessful attempt to gain permissions or assume the identity of another user. .. req:: @@ -1039,9 +1047,10 @@ Security Analytics Requirements :id: R-29705 :target: VNF :keyword: MUST + :updated: casablanca The VNF **MUST** restrict changing the criticality level of a - system security alarm to administrator(s). + system security alarm to users with administrative privileges. .. req:: :id: R-13627 diff --git a/docs/data/needs.json b/docs/data/needs.json index 1898476..4c18bc7 100644 --- a/docs/data/needs.json +++ b/docs/data/needs.json @@ -1,5 +1,5 @@ { - "created": "2018-09-05T18:05:01.216554", + "created": "2018-09-05T20:05:26.621772", "current_version": "casablanca", "project": "", "versions": { @@ -21858,7 +21858,7 @@ "needs_amount": 750 }, "casablanca": { - "created": "2018-09-05T18:05:01.216400", + "created": "2018-09-05T20:05:26.621679", "needs": { "R-00011": { "description": "A VNF's Heat Orchestration Template's Nested YAML files\nparameter's **MUST NOT** have a parameter constraint defined.", @@ -23427,7 +23427,7 @@ "validation_mode": "" }, "R-07617": { - "description": "The VNF **MUST** log creating, removing, or changing the\ninherent privilege level of users.", + "description": "The VNF **MUST** log success and unsuccessful creation, removal, or\nchange to the inherent privilege level of users.", "full_title": "", "hide_links": "", "id": "R-07617", @@ -23450,7 +23450,7 @@ "title": "", "title_from_content": "", "type_name": "Requirement", - "updated": "", + "updated": "casablanca", "validated_by": "", "validation_mode": "" }, @@ -28160,7 +28160,7 @@ "validation_mode": "" }, "R-29705": { - "description": "The VNF **MUST** restrict changing the criticality level of a\nsystem security alarm to administrator(s).", + "description": "The VNF **MUST** restrict changing the criticality level of a\nsystem security alarm to users with administrative privileges.", "full_title": "", "hide_links": "", "id": "R-29705", @@ -28183,7 +28183,7 @@ "title": "", "title_from_content": "", "type_name": "Requirement", - "updated": "", + "updated": "casablanca", "validated_by": "", "validation_mode": "" }, @@ -30823,7 +30823,7 @@ "validation_mode": "" }, "R-41825": { - "description": "The VNF **MUST** activate security alarms automatically when\nthe following event is detected: configurable number of consecutive\nunsuccessful login attempts.", + "description": "The VNF **MUST** activate security alarms automatically when\na configurable number of consecutive unsuccessful login attempts\nis reached.", "full_title": "", "hide_links": "", "id": "R-41825", @@ -30846,7 +30846,7 @@ "title": "", "title_from_content": "", "type_name": "Requirement", - "updated": "", + "updated": "casablanca", "validated_by": "", "validation_mode": "" }, @@ -31223,7 +31223,7 @@ "validation_mode": "" }, "R-43332": { - "description": "The VNF **MUST** activate security alarms automatically when\nthe following event is detected: successful modification of critical\nsystem or application files.", + "description": "The VNF **MUST** activate security alarms automatically when\nit detects the successful modification of a critical system or\napplication file.", "full_title": "", "hide_links": "", "id": "R-43332", @@ -31246,7 +31246,7 @@ "title": "", "title_from_content": "", "type_name": "Requirement", - "updated": "", + "updated": "casablanca", "validated_by": "", "validation_mode": "" }, @@ -31339,13 +31339,13 @@ "validation_mode": "" }, "R-43884": { - "description": "The VNF **MUST** integrate with external authentication\nand authorization services (e.g., IDAM).", + "description": "The VNF **SHOULD** integrate with the Operator's authentication and\nauthorization services (e.g., IDAM).", "full_title": "", "hide_links": "", "id": "R-43884", "impacts": "", "introduced": "", - "keyword": "MUST", + "keyword": "SHOULD", "links": [], "notes": "", "section_name": "VNF API Security Requirements", @@ -31362,7 +31362,7 @@ "title": "", "title_from_content": "", "type_name": "Requirement", - "updated": "", + "updated": "casablanca", "validated_by": "", "validation_mode": "" }, @@ -33711,7 +33711,7 @@ "validation_mode": "" }, "R-54520": { - "description": "The VNF **MUST** log successful and unsuccessful login attempts.", + "description": "The VNF **MUST** log successful and unsuccessful authentication\nattempts, e.g., authentication associated with a transaction,\nauthentication to create a session, authentication to assume elevated\nprivilege.", "full_title": "", "hide_links": "", "id": "R-54520", @@ -33734,7 +33734,7 @@ "title": "", "title_from_content": "", "type_name": "Requirement", - "updated": "", + "updated": "casablanca", "validated_by": "", "validation_mode": "" }, @@ -35326,7 +35326,7 @@ "validation_mode": "" }, "R-63330": { - "description": "The VNF **MUST** detect when the security audit log storage\nmedium is approaching capacity (configurable) and issue an alarm via\nSMS or equivalent as to allow time for proper actions to be taken to\npre-empt loss of audit data.", + "description": "The VNF **MUST** detect when its security audit log storage\nmedium is approaching capacity (configurable) and issue an alarm.", "full_title": "", "hide_links": "", "id": "R-63330", @@ -35349,7 +35349,7 @@ "title": "", "title_from_content": "", "type_name": "Requirement", - "updated": "", + "updated": "casablanca", "validated_by": "", "validation_mode": "" }, @@ -37454,7 +37454,7 @@ "validation_mode": "" }, "R-74958": { - "description": "The VNF **MUST** activate security alarms automatically when\nthe following event is detected: unsuccessful attempts to gain permissions\nor assume the identity of another user.", + "description": "The VNF **MUST** activate security alarms automatically when\nit detects an unsuccessful attempt to gain permissions\nor assume the identity of another user.", "full_title": "", "hide_links": "", "id": "R-74958", @@ -37477,7 +37477,7 @@ "title": "", "title_from_content": "", "type_name": "Requirement", - "updated": "", + "updated": "casablanca", "validated_by": "", "validation_mode": "" }, @@ -39529,7 +39529,7 @@ "validation_mode": "" }, "R-85419": { - "description": "The VNF **SHOULD** use REST APIs exposed to Client\nApplications for the implementation of OAuth 2.0 Authorization\nCode Grant and Client Credentials Grant, as the standard interface\nfor a VNF.", + "description": "The VNF **SHOULD** support OAuth 2.0 authorization using an external\nAuthorization Server.", "full_title": "", "hide_links": "", "id": "R-85419", @@ -39552,7 +39552,7 @@ "title": "", "title_from_content": "", "type_name": "Requirement", - "updated": "", + "updated": "casablanca", "validated_by": "", "validation_mode": "" }, @@ -41632,7 +41632,7 @@ "validation_mode": "" }, "R-94525": { - "description": "The VNF **MUST** log connections to a network listener of the\nresource.", + "description": "The VNF **MUST** log connections to the network listeners of the\nresource.", "full_title": "", "hide_links": "", "id": "R-94525", @@ -41655,7 +41655,7 @@ "title": "", "title_from_content": "", "type_name": "Requirement", - "updated": "", + "updated": "casablanca", "validated_by": "", "validation_mode": "" }, |